[ISN] Briton Indicted as Hacker

From: InfoSec News (isnat_private)
Date: Tue Nov 12 2002 - 22:32:14 PST

  • Next message: InfoSec News: "[ISN] Hackers could be planning major attack, says White House"

    Forwarded from: William Knowles <wkat_private>
    By Brooke A. Masters
    Washington Post Staff Writer
    Wednesday, November 13, 2002; Page A11 
    An unemployed British computer system administrator was indicted
    yesterday in Alexandria and New Jersey on eight counts of computer
    fraud for alleging penetrating about 100 U.S. government computers,
    shutting down networks and corrupting data in what U.S. Attorney Paul
    J. McNulty called "the biggest hack of military computers ever
    >From February 2001 to March 2002, two federal grand juries alleged,
    Gary McKinnon, 36, of London, exploited a known security problem with
    Microsoft Windows NT and Windows 2000 to break into 92 computers at
    NASA, the Pentagon, and more than a dozen military installations in 14
    Using software available on the Internet, he hacked into system
    administrator accounts, deleted files and accessed "sensitive"  
    information, said McNulty, . U.S. attorney for the Eastern District of
    Virginia. The attacks culminated in a February break-in that shut down
    2,000 computers at the Military District of Washington for three days,
    officials said.
    McKinnon has not been arrested, but McNulty said his office is working
    with Britain's national high-tech crime unit to extradite him to the
    United States. If the British courts agree to send McKinnon here, he
    would be the first person to be extradited to face hacking charges,
    said John Lynch, senior counsel at the Justice Department's computer
    crime unit.
    Authorities believe McKinnon, who used the screen name "Solo," acted
    alone and was not connected to a terrorist group.
    Federal officials said they believe McKinnon was looking for
    information rather than simply causing damage, but they said they
    believe he was not able to access any of the military's classified
    computer systems. The damage and lost productivity caused by his
    intrusions cost $900,000, officials said.
    The case should send a message to hackers, McNulty said. "You cannot
    act anonymously on the Internet," he said. "If you hack us we will
    find you. We will prosecute you and we will send you to prison."
    McKinnon is charged in Alexandria with seven counts of computer fraud
    and in New Jersey with one count of causing intentional damage to a
    protected computer for a 2001 break-in that forced the shutdown of the
    computer network at Naval Weapons Station Earle in Colts Neck, N.J. If
    convicted on all counts, he faces a maximum of 10 years on each one.  
    He could not be located for comment.
    The case "shows the far reach of computer crime and law enforcement's
    commitment to tracking it down," said Ralph J. Marra Jr., first
    assistant U.S. attorney for New Jersey.
    McKinnon is accused of scanning more than 65,000 computers, seeking
    systems where administrators had failed to install a protective patch
    to the Windows program that had been publicly available for years.  
    Once in, the hacker would exploit weak security -- users who left the
    word "password" or their sign-on name as their passwords -- to access
    individual accounts. He also installed a commercial software program
    called "Remotely Anywhere," that allowed him to tap into the systems
    and use the government's more powerful computers to scan other
    computers for weaknesses.
    "The lesson we learn from this one and every previous one that we just
    don't heed is that you've got to be vigilant. You've got to scan for
    vulnerabilities and fix them when you find them," said Mark D. Rasch,
    senior vice president of Solutionary Inc., an Omaha computer security
    firm. "Check to make sure the doors are locked."
    "Communications without intelligence is noise;  Intelligence
    without communications is irrelevant." Gen Alfred. M. Gray, USMC
    C4I.org - Computer Security, & Intelligence - http://www.c4i.org
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Wed Nov 13 2002 - 01:06:52 PST